Home page logo
/

metasploit logo Metasploit mailing list archives

Re: Small room for shellcode
From: danuxx () gmail com
Date: Fri, 29 Apr 2011 06:04:23 +0000

Thanks Patrick. You are right, I need to find a way to inject the shellcode in memory so that my egghunter can find it, 
actually I tried different ways but no luck yet.

Thanks again.
Sent via BlackBerry from Danux Network

-----Original Message-----
From: Patrick Webster <patrick () aushack com>
Date: Fri, 29 Apr 2011 15:17:57 
To: <danuxx () gmail com>
Cc: <framework () spool metasploit com>
Subject: Re: [framework] Small room for shellcode

Sometimes I find you can inject the payload with egg hunted tag first..

It is read & discarded by the service, but is now in memory or a log
file which is read in.

Then you trigger the overflow and execute the egg hunter, which will
find the payload.

Try that.

 i.e. sock.put(payload.encoded).
sock.put(trigger + hunter[0])

You could also try an omelette style egg hunter.

Or look at the current CPU operations & registers when you hit the
trigger - there might be some internal instructions you can jump to
which aid in exploitation.

-Patrick

On Thu, Apr 28, 2011 at 5:44 PM,  <danuxx () gmail com> wrote:
After fuzzing a service I got a buffer overflow but only 50 bytes to play with. Certainly, I could insert an 
egghunter there but I have no more bytes in memory to play with.

Thoughts?


Sent via BlackBerry from Danux Network

-----Original Message-----
From: Demiri Asmir <demiri.asmir () googlemail com>
Sender: framework-bounces () spool metasploit com
Date: Wed, 27 Apr 2011 11:36:03
To: John Nash<rootsecurityfreak () gmail com>
Cc: <framework () spool metasploit com>
Subject: Re: [framework] tutorials for beginners

thank you



2011/4/27 John Nash <rootsecurityfreak () gmail com>:
If you like videos:

http://www.securitytube.net/groups?operation=view&groupId=8



On Wed, Apr 27, 2011 at 1:52 PM, Demiri Asmir
<demiri.asmir () googlemail com> wrote:
have someone good Tutorials for begninners ?
In german maybe?

thx
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]